Skip to main content

Invisioncommunity

2 CVEs product

Monthly

CVE-2025-47916 CRITICAL POC THREAT Emergency

Invision Community 5.0.0 through 5.0.6 contains an unauthenticated remote code execution vulnerability in the template engine's themeeditor.php. By crafting template conditional strings using PHP's alternative function call syntax, attackers bypass security filters and execute arbitrary PHP code on the server.

PHP RCE Ssti Invisioncommunity
NVD Exploit-DB
CVSS 3.1
10.0
EPSS
90.7%
Threat
6.2
CVE-2024-30163 CRITICAL POC Act Now

Invision Community before 4.7.16 allow SQL injection via the applications/nexus/modules/front/store/store.php IPS\nexus\modules\front\store\_store::_categoryView() method, where user input passed. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Invisioncommunity
NVD
CVSS 3.1
9.8
EPSS
8.7%
EPSS 91% 6.2 CVSS 10.0
CRITICAL POC THREAT Emergency

Invision Community 5.0.0 through 5.0.6 contains an unauthenticated remote code execution vulnerability in the template engine's themeeditor.php. By crafting template conditional strings using PHP's alternative function call syntax, attackers bypass security filters and execute arbitrary PHP code on the server.

PHP RCE Ssti +1
NVD Exploit-DB
EPSS 9% CVSS 9.8
CRITICAL POC Act Now

Invision Community before 4.7.16 allow SQL injection via the applications/nexus/modules/front/store/store.php IPS\nexus\modules\front\store\_store::_categoryView() method, where user input passed. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Invisioncommunity
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy